Azure DevOps self-hosted agent in Container instance - network rules - azure

I am running an Azure DevOps Ubuntu self-hosted agent as a container in Container Instances. What are the minimum inbound and outbound network traffic rules so the agent can operate? I tried ports 80 and 443 TCP for both inbound and outbound, but the container is still not able to find the DevOps Agent pool (it says "1. Determining matching Azure Pipelines agent...").

As depicted here, only outbound HTTP(S) on port 443 is required.

Related

SHIR port 443 Occupation

I am running a SHIR that is attached to Azure Synapse on a VM host that uses outbound port 443. I want to create a scheduled custom AzCopy service that also uses outbound port 443 on that same VM. Is this possible if the schedules of the AzCopy service and Synapse jobs don't overlap, or does the SHIR occupy port 443 uninterrupted?
Since this is an outbound connection, the port is not "held" by the self-hosted integration runtime, and you can use it with other applications.

Self-Hosted agent private network DevOps connectivity issue

I am running a container instance in a private network as self-hosted agent to perform DevOps pipeline jobs. The container instance resides in vnet-a and all traffic to the internet is routed via a firewall instance in vnet-b:
If I start the container instance, it displays the logging "1. Determining matching Azure Pipelines agent...". This indicates that it can't connect to the Azure DevOps server.
On the container instance, I opened outbound TCP ports 443 and 80. Furthermore, I created outbound rules on the firewall that allow traffic over port 443 from the container instance IP towards the four DevOps IP addresses.
The problem is fixed. When the subscriptions were requested at another department, the guy forgot to say that the environment must be able to talk to the internet, and therefore the NAT rule was not in place. Problem solved.
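A staged check that can be run from inside the agent container to see where outbound 443 fails (DNS, TCP connect through the firewall or NAT, or TLS), which is the distinction both self-hosted agent questions above turn on. This is an added example, not part of either post; the function name `probe_outbound_tls` and the target host `dev.azure.com` are assumptions, so substitute the organization URL your agent is configured with.

```python
import socket
import ssl


def probe_outbound_tls(host, port=443, timeout=5.0, context=None):
    """Return (stage, detail) where stage is 'dns', 'tcp', 'tls' or 'ok'."""
    # Stage 1: name resolution. Failure points at the VNet's DNS settings,
    # not at NSG or firewall port rules.
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return "dns", str(exc)

    # Stage 2: TCP connect. A timeout usually means the packet was dropped or
    # there is no route/NAT to the internet; a refusal means something
    # answered and rejected the connection.
    family, socktype, proto, _, addr = infos[0]
    sock = socket.socket(family, socktype, proto)
    sock.settimeout(timeout)
    try:
        sock.connect(addr)
    except OSError as exc:
        sock.close()
        return "tcp", f"{addr[0]}: {exc}"

    # Stage 3: TLS handshake with certificate verification. Failure after a
    # successful connect suggests a device on the path that answers on 443
    # but does not present a certificate the container trusts.
    ctx = context or ssl.create_default_context()
    try:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return "ok", f"{addr[0]} {tls.version()}"
    except (ssl.SSLError, OSError) as exc:
        sock.close()
        return "tls", str(exc)


if __name__ == "__main__":
    # Assumed target: the public Azure DevOps host name.
    stage, detail = probe_outbound_tls("dev.azure.com")
    print(f"stage={stage} detail={detail}")
```

A result of `tcp` with a timeout, while DNS resolves, matches the situation in the second question, where port rules were in place but no NAT path to the internet existed.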

Exposing a non http endpoint in azure

I have an OPC UA server in a docker container. The server exposes a TCP endpoint with the binary opc.tcp protocol. What are possible methods I can use to expose non http endpoints in Azure? Thank you.
This suggested a WCF workaround, but the server is not a WCF application.
How can I host a TCP Listener in Azure?
If it is docker based, but not http, then Microsoft suggested two possible solutions.
Azure container instance - deploy a single docker instance via the Azure website, or you can deploy a multi docker instance as a container group via the Azure CLI. For multi docker instances you have limits on CPU and memory as it is running on the same "server" so scaling could be an issue. Adding a static IP is possible and described here: Configure a single public IP address for outbound and inbound traffic to a container group.
Use the AKS/Kubernetes cluster in Azure.

How to open a custom port for the Azure Container (Swarm) agent?

I have an Azure Container Service (Swarm). I am running a docker-compose with multiple HTTP APIs and websites in its definition. How can I configure the swarm agent to allow inbound traffic to those APIs? (They are running on different ports.) By default I can access an API or a website under port 80 only.
By default the Load Balancer has ports 80, 8080 and 443 open. If you want to connect on another port you will need to open that port on the Azure Load Balancer for the Agent Pool.
There is a document that shows you how to open more ports for your applications in Azure Container Service.

Azure ARM VM creation with Network Security Groups

I have a network with enabled Network Security Groups where I deny Outbound Port 80 and 443. All Outbound traffic is managed through a Squid Proxy.
Now, I want to create a new Virtual Machine in this Network using the Azure ARM templates using the resource Microsoft.Compute/virtualMachines. The problem is that after creation of the Azure Storage Account the VM can't connect to it as the Outbound Port 80 and 443 are denied.
Is it possible to give the resource Microsoft.Compute/virtualMachines some proxy settings?
You'll need to use a custom script extension to call a script to change the proxy settings on the VM itself after VM creation has completed.
